CVE-2026-48059
Netty · Netty
A memory leak in the Netty HAProxy PROXY protocol v2 codec allows unauthenticated remote attackers to cause a denial of service via specifically crafted nested TLV headers.
Executive summary
A memory leak vulnerability in Netty's HAProxy PROXY protocol codec poses a significant risk of service disruption due to resource exhaustion.
Vulnerability
This vulnerability involves a failure to release ByteBuf memory when processing nested PP2_TYPE_SSL TLVs at depth two or greater. This allows an unauthenticated attacker to trigger progressive memory consumption, leading to system instability.
Business impact
With a CVSS score of 7.5 (High), this vulnerability presents a substantial risk to application availability. Successful exploitation results in memory exhaustion, effectively causing a denial-of-service condition that can crash critical network services, leading to potential operational downtime and loss of service continuity.
Remediation
Immediate Action: Upgrade to Netty 4.1.135.Final or 4.2.15.Final, the releases that resolve the memory leak.
Proactive Monitoring: Monitor server memory utilization and garbage collection metrics for unusual spikes that correlate with incoming network connections.
Compensating Controls: Implement rate limiting or ingress filtering on network traffic to identify and drop malformed or excessively nested HAProxy PROXY protocol headers before they reach the application layer.
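As an added illustration of the compensating control above (example code written for this note, not code from Netty or from this advisory), the following Python pre-filter parses a PROXY protocol v2 header as laid out in the HAProxy spec, measures how deeply PP2_TYPE_SSL TLVs are nested, and flags any header that nests them at depth two or more, or that is malformed. The sample headers, the address values and the depth limit are constructed for the example.

```python
import struct

PP2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"   # 12-byte PROXY v2 signature
PP2_TYPE_SSL = 0x20                         # TLV type whose value carries sub-TLVs
PP2_SUBTYPE_SSL_VERSION = 0x21              # a legitimate sub-TLV inside PP2_TYPE_SSL
ADDR_LEN = {1: 12, 2: 36, 3: 216}           # family nibble -> address block size (INET/INET6/UNIX)

def tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one TLV: 1-byte type, 2-byte big-endian length, value."""
    return bytes([tlv_type]) + struct.pack("!H", len(value)) + value

def ssl_tlv(sub_tlvs: bytes) -> bytes:
    """PP2_TYPE_SSL value: 1-byte client flags, 4-byte verify result, then sub-TLVs."""
    return tlv(PP2_TYPE_SSL, b"\x01" + b"\x00\x00\x00\x00" + sub_tlvs)

def build_v2_header(tlvs: bytes) -> bytes:
    """Constructed sample header: TCP over IPv4, 10.0.0.1:12345 -> 10.0.0.2:443."""
    addr = bytes([10, 0, 0, 1, 10, 0, 0, 2]) + struct.pack("!HH", 12345, 443)
    body = addr + tlvs
    return PP2_SIGNATURE + bytes([0x21, 0x11]) + struct.pack("!H", len(body)) + body

def ssl_nesting_depth(tlv_bytes: bytes, depth: int = 0) -> int:
    """Walk a TLV list and return the deepest PP2_TYPE_SSL nesting seen (0 = none)."""
    deepest, pos = depth, 0
    while pos < len(tlv_bytes):
        if pos + 3 > len(tlv_bytes):
            raise ValueError("truncated TLV header")
        t, length = tlv_bytes[pos], struct.unpack("!H", tlv_bytes[pos + 1:pos + 3])[0]
        value = tlv_bytes[pos + 3:pos + 3 + length]
        if len(value) != length:
            raise ValueError("truncated TLV value")
        if t == PP2_TYPE_SSL:
            if length < 5:
                raise ValueError("short PP2_TYPE_SSL value")
            deepest = max(deepest, ssl_nesting_depth(value[5:], depth + 1))
        pos += 3 + length
    return deepest

def should_drop(header: bytes, max_depth: int = 1) -> bool:
    """True if the header is not a well-formed v2 header or nests PP2_TYPE_SSL deeper than max_depth."""
    if len(header) < 16 or header[:12] != PP2_SIGNATURE or header[12] >> 4 != 2:
        return True
    family, length = header[13] >> 4, struct.unpack("!H", header[14:16])[0]
    body, addr_len = header[16:16 + length], ADDR_LEN.get(family, 0)
    if len(body) != length or len(body) < addr_len:
        return True
    try:
        return ssl_nesting_depth(body[addr_len:]) > max_depth
    except ValueError:
        return True

# Constructed samples: a normal header (SSL TLV at depth 1) and one with an SSL TLV nested inside an SSL TLV (depth 2).
BENIGN = build_v2_header(ssl_tlv(tlv(PP2_SUBTYPE_SSL_VERSION, b"TLSv1.3")))
NESTED = build_v2_header(ssl_tlv(ssl_tlv(tlv(PP2_SUBTYPE_SSL_VERSION, b"TLSv1.3"))))
```

The filter drops only headers it cannot fully parse or that exceed the nesting limit; a legitimate header carrying a single PP2_TYPE_SSL TLV with its version sub-TLV passes.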
Exploitation status
Public Exploit Available: false
Analyst recommendation
The vulnerability represents a clear path to denial-of-service for any infrastructure relying on Netty's HAProxy codec. Organizations should prioritize updating to the patched versions (4.1.135.Final or 4.2.15.Final) across all affected environments to prevent service degradation.